CVE-2014-3631 : The assoc_array_gc function in the associative-array implementation in lib/assoc

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

Published 2014-09-28 10:55:10

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2014-3631

Linux » Linux Kernel
Versions from including (>=) 3.15 and before (<) 3.16.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.13 and before (<) 3.14.19
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2014-3631

Top countries where our scanners detected CVE-2014-3631

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2014-3631 10,850

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2014-3631!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2014-3631

EPSS FAQ

0.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 56 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-3631

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2014-3631

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=95389b08d93d5c06ec63ab49bd732b0069b7c35e

Broken Link
http://www.ubuntu.com/usn/USN-2378-1

USN-2378-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.exploit-db.com/exploits/36268

Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC) - Linux dos Exploit
Third Party Advisory;VDB Entry
https://github.com/torvalds/linux/commit/95389b08d93d5c06ec63ab49bd732b0069b7c35e

KEYS: Fix termination condition in assoc array garbage collection · torvalds/linux@95389b0 · GitHub
Exploit
http://www.securityfocus.com/bid/70095

Linux Kernel CVE-2014-3631 Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1140325

1140325 – (CVE-2014-3631) CVE-2014-3631 kernel: keys: incorrect termination condition in assoc array garbage collection
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3

Exploit

CVEs referencing this url
http://osvdb.org/show/osvdb/111298

Broken Link
http://www.ubuntu.com/usn/USN-2379-1

USN-2379-1: Linux kernel vulnerabilities | Ubuntu security notices
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-3631

Products affected by CVE-2014-3631

Threat overview for CVE-2014-3631

Exploit prediction scoring system (EPSS) score for CVE-2014-3631

CVSS scores for CVE-2014-3631

References for CVE-2014-3631